REMARKS

Claims 1, 3 - 5, 8, 10, 12 - 14, 17, 19, 21 - 23, and 26 have been amended. Claims 9, 18,
and 27 have been cancelled from the application without prejudice. Claims 28 - 33 have been
added. No new matter has been introduced with these amendments or added claims, which are
supported in the specification as originally filed. Claims 1 - 8, 10 - 17, 19 - 26, and 28 - 33 are
now in the application.

Independent Claims 1, 10, and 19 have been amended to more clearly specify how
information is exchanged in this embodiment. In addition, limitations of now-cancelled Claims 9,
18, and 27 have been incorporated into these independent claims, which are (now) directed
toward the embodiment illustrated by Fig. 5 of Applicants' specification. (As originally
submitted, these independent claims were intended to cover both embodiments illustrated by Figs.
4 and 5.) Dependent Claims 3 - 5, 12 - 14, and 21 - 23 have been amended to remove multiple
dependency. Claims 8, 17, and 26 have been rewritten in independent form, including limitations
of the claims from which they originally depended. These claims correspond to the embodiment
illustrated by Fig. 4 of Applicants' specification. (Added Claim 33 also corresponds to the
embodiment illustrated in Fig. 4.) Added Claims 28 - 32 specify limitations analogous to those in
Claims 20 - 24, but depend from the newly-created independent Claim 26. Thus, it can be seen
that no new matter has been introduced.

I. Objection to the Drawings

Paragraph 1 of the Office Action dated October 9, 2003 (hereinafter, "the Office Action")
states that the drawings are objected to because of unused referenced numbers in Fig. 6. A
replacement drawing addressing this objection is provided herewith, as discussed above in
"Amendments to the Drawings", and the Examiner is therefore respectfully requested to withdraw
the objection.

II. Rejection Under 35 U.S.C. §112, second paragraph

Paragraphs 2 - 3 of the Office Action state that Claims 8 - 9, 17 - 18, and 26 - 27 are
rejected under 35 U.S.C. §112, second paragraph as being indefinite for failing to point out and
distinctly claim the subject matter which Applicants regard as their invention. In particular,
paragraph 3 states that the term "said generated passticket" has insufficient antecedent basis.
Claims 9, 18, and 27 have been cancelled, and the limitations of Claims 8, 17, and 26 have been
rewritten, thereby rendering this rejection moot. The Examiner is therefore respectfully requested
to withdraw this §112 rejection.

III. Rejection Under 35 U.S.C. §103(a)

Paragraph 5 of the Office Action states that Claims 1, 7, 9 - 10, 16, 18 - 19, 25, and 27 are
rejected under 35 U.S.C. §103(a) as being unpatentable over U. S. Patent 5,241,594 to Kung in
view of U. S. Patent 6,401,211 to Brezak et al. and U. S. Patent Application 09/159,514
(publication US 2003/0041263 A1) to Devine et al. Paragraph 6 of the Office Action states that
Claims 3 - 5, 12 - 14, and 21 - 23 are rejected under 35 U.S.C. §103(a) as being unpatentable
over Kung in view of Brezak and Devine, and further in view of U. S. Patent 5,754,830 to Butts
et al. Paragraph 7 of the Office Action states that Claims 6, 15, and 24 are rejected under 35
U.S.C. §103(a) as being unpatentable over Kung in view of Brezak, Devine, Butts, and further in
view of U. S. Patent 5,592,553 to Guski et al. Paragraph 8 of the Office Action states that Claims
2, 11, and 20 are rejected under 35 U.S.C. §103(a) as being unpatentable over Kung in view of
Brezak and Devine and further in view of "Applied Cryptography", pages 574 - 597, by Bruce
Schneier. Paragraph 9 of the Office Action states that Claims 3 - 5, 12 - 14, and 21 - 23 are also
rejected under 35 U.S.C. §103(a) as being unpatentable over Kung in view of Brezak and Devine,
and further in view of Schneier and Butts. Paragraph 10 of the Office Action states that Claims 6,
15, and 24 are also rejected under 35 U.S.C. §103(a) as being unpatentable over Kung in view of
Brezak and Devine, and further in view of Schneier, Butts, and Guski. Finally, paragraph 11 of
the Office Action states that Claims 8, 17, and 26 are rejected under 35 U.S.C. §103(a) as being
unpatentable over Kung in view of Brezak and Devine, and further in view of IBM Technical
Disclosure Bulletin NN9204459. Claims 9, 18, and 27 have been cancelled, rendering the
rejection moot as to those claims. The §103 rejections are respectfully traversed with regard to
the remaining claims.

Kung teaches a centralized approach and a distributed approach, each of which will now
be described. Differences between each of these approaches and the techniques of Applicants'
invention will also be described.

In a centralized approach, Kung teaches a user workstation having a "multiple logon
protocol" (hereinafter, "MLP") added to its TCP-IP stack. See, for example, element 16 of Fig.
1. The corresponding text in col. 4, lines 13 - 18 states that this MLP is "inserted" between the
user application 14 and the TCP-IP stack 15 of the user workstation 11, and that this MLP
"forms part of the TCP-IP stack 15". By modifying the TCP-IP stack on the user workstation,
the applications executing on the user workstation, which make use of the TCP-IP stack for
communications, do not have to be modified (as discussed in col. 4, lines 18 - 19).

Kung further teaches that this centralized model uses a "multiple logon server"
(hereinafter, "MLS"), which is depicted as element 12 in Fig. 1 and in Fig. 3. As can be seen in
Fig. 3, this MLS 12 does not communicate with the remote host computer 13 during the user
logon process depicted therein. Instead, MLS 12 interacts with the user workstation 11.

In particular, MLS 12 checks to see if the user has already been connected (step 43),
responsive to receiving an authorization request from workstation 11, and if so, returns
authorization information for the user (step 44). Following receipt of this authorization
information (step 45), the MLP executing at the workstation sends the user's ID and password to
the remote host computer 13 (step 49) in response to receiving a request therefrom (step 48).
The workstation 11 and remote host computer 13 then establish a session (steps 50 and 51) and
begin to communicate. These various steps are described in col. 4, line 62 - col. 5, line 18.

This is distinct from Applicants' claimed invention in a number of ways. For example, a
server (rather than the client) is responsible for communicating with the remote host in
Applicants' invention. See, for example, flows 455 of Fig. 4 and 550 of Fig. 5. In the scenario of
Fig. 5, the host's request for log-on information is not received at the client, in contrast to Kung's
approach. (Applicants' approach therefore enables an existing Web browser to be used. Kung's
approach, on the other hand, would require - inter alia - a different protocol stack to be added
to the client machine.) Furthermore, the server machine of Applicants' invention is modifying a
client-provided log-on message in the scenario of Fig. 4 (which corresponds to independent
Claims 8, 17, and 26, as well as newly-added independent Claim 33), and Kung has no
counterpart functionality.

Returning to the discussion of Kung's centralized approach, if it is determined at step 43 
that the user has not already connected, then at step 52 an authentication request is sent from 
MLS 12 to the workstation 11. Upon receiving this message at the workstation, the workstation- 
resident MLP 16 gets the user's ID and password, and sends those to the MLS 12. See steps 52, 
53, and 54 of Fig. 3, as well as the corresponding text in col. 5, lines 19-26. Kung teaches that 
the MLS 12 then sends another request to the workstation 11 (step 55), which the
workstation-resident MLP 16 evaluates to determine whether it will accept (step 56). This approach also
differs from Applicants' claimed invention, where the various entities do not exchange this type of 
messages in this way. 

In a distributed approach, Kung teaches that each computer in the network stores the
password files for all clients. See, for example, col. 2, line 67 - col. 3, line 2 and col. 6, lines 8 - 9,
where this is discussed. This approach is not feasible in a modern-day environment such as the
Internet, and Applicants' claimed invention does not suffer from this limitation. Instead,
Applicants' invention leverages a host access security system, which has responsibility for the
access credentials of authorized users.

In Kung's distributed approach, a secure user workstation 11 is required. See, for
example, col. 5, line 43 and col. 6, lines 28 - 30, as well as the text associated with element 11 in
Fig. 4. Applicants' claimed invention does not require a secure computer. Furthermore, Kung's
distributed approach "eliminates the multiple logon server 12" (col. 5, lines 40 - 41), and therefore
uses only the workstation 11 and remote computer 13 as communicating entities. This approach
therefore does not correspond to Applicants' claimed invention, which uses additional
communicating entities.

Kung also teaches that a "specific sequence of events [is] required to implement" his
approach. See col. 6, lines 15 - 17. This teaches away from combining other references, which
would alter the "specific sequence of [required] events".

Paragraph 5 of the Office Action, pages 3 - 6, admits that Kung does not teach a number
of the limitations of Applicants' independent claims, and cites Brezak and Devine as teaching
those limitations. Applicants respectfully disagree that the references can be combined to yield
their claimed invention, and that a proper motivation for combining has been demonstrated. In
particular, page 6 of the Office Action states it would have been obvious to one of skill in the art
to combine the digital certificates of Devine with Kung and Brezak because "it would have added
a more secure authentication algorithm". Applicants fail to see any reason why a "more secure
authentication algorithm" would result.

More importantly, it is not as simple as saying that one can introduce digital certificates,
when (as in Applicants' claimed invention) the environment includes message flows exchanged
with legacy host systems. It is well known in the art that modifying legacy systems is difficult, if
not impossible: typically, the software running on the legacy system uses an "outdated"
programming language for which expertise is no longer readily available, and in many cases, the
source code is not available at all.

In view of the difficulties inherent in this environment, Applicants have invented
techniques that enable using information from digital certificates, along with message flows used
by legacy host systems. As a result, no change is needed at the legacy host system. An
intermediate entity is used, and this intermediate entity (referred to in Applicants' claims as a
"server machine" or "server") communicates with the legacy host system using a legacy host
communication protocol while also communicating with clients that are adapted for sending
digital certificates.

Applicants note that the paragraph cited in the Office Action as teaching use of digital
certificates in Devine (paragraph 88 on Devine's page 7) pertains to establishing a secure session
between a client and a server. This functionality appears in Applicants' Figs. 4 and 5 at message
flows 420 and 520, respectively. In contrast to Applicants' claimed invention, there is no
discussion in Devine of subsequently using the digital certificate, or information contained therein,
to log the user on to a secure legacy host application or system (where legacy systems are referred
to in Devine as "back end" or "third tier" entities; see paragraph 0052). In particular, paragraph
0150 of Devine, where interactions between application proxies and the back-end servers are
discussed, contains no suggestion whatsoever that these interactions include information obtained
from, or through use of, a digital certificate.

In view of the above, Applicants respectfully submit that their independent claims are
patentable over the cited references, whether taken singly or in combination. Furthermore,
Applicants respectfully submit that one of skill in the art would not be motivated to attempt the
combination, and that such combination (if, arguendo, such combination is possible) fails to yield
the limitations of their independent claims. Applicants also respectfully submit that their
dependent claims are deemed patentable over the references by virtue of the novelty of the
independent claims. Accordingly, the Examiner is respectfully requested to withdraw the §103
rejection of all claims as currently presented.

IV. Conclusion

Applicants respectfully request reconsideration of the pending rejected claims, withdrawal
of all presently outstanding objections and rejections, and allowance of all claims at an early date.

Respectfully submitted,

Marcia L. Doubet 
Attorney for Applicants 
Reg. Nbr. 40,999 

Customer Nbr. 25260
Phone: 407-343-7586 
Fax: 407-343-7587 

Attachment: Replacement Sheet (J) 